GHSA-5j6p-jrrm-6x94
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6Blast Radius
ecosystem impact- 8 pypi packages depend on apache-airflow-core (2 direct, 6 indirect)
Ecosystem-wide dependent count for version 3.2.2.
Description PRE-NVD
AnalysisAI
Sensitive information disclosure in Apache Airflow versions prior to 3.2.2 exposes JWT authentication tokens via KubernetesExecutor command-line arguments, allowing low-privileged users with process listing access on worker pods to harvest credentials and impersonate workers against the Execution API. The flaw, addressed in PR #60108 alongside a redesign of workload/execution token lifetimes, carries a CVSS 8.8 due to high impact across confidentiality, integrity, and availability. No public exploit has been identified at time of analysis and EPSS sits at 0.02%, suggesting limited mass-exploitation activity.
Technical ContextAI
Apache Airflow's KubernetesExecutor launches worker pods by passing task execution parameters as command-line arguments to the airflow CLI inside the container. Per CWE-538 (Insertion of Sensitive Information into Externally-Accessible File or Directory), the workload JWT - used by workers to authenticate against the Execution API - was placed where it became visible through process listings (e.g., /proc/<pid>/cmdline, ps output, container introspection, or pod spec inspection via the Kubernetes API). The PR #60108 diff shows a broader hardening of the JWT scope model: distinguishing long-lived workload-scoped tokens (tied to scheduler task_queued_timeout, default 600s) from short-lived execution-scoped tokens (default 10 minutes) refreshed transparently by JWTReissueMiddleware, narrowing the blast radius if a token is leaked.
RemediationAI
Vendor-released patch: upgrade Apache Airflow to 3.2.2 or later, where the JWT token is no longer passed via worker command-line arguments and the workload/execution scope split limits token validity windows (see PR https://github.com/apache/airflow/pull/60108 and Apache thread https://lists.apache.org/thread/wo09vrks8189dzsot39rvrx3vnx102tt). Where immediate upgrade is not possible, compensating controls include restricting Kubernetes RBAC so non-admin service accounts cannot read pod specs or exec into worker pods in the Airflow namespace (side effect: blocks legitimate debugging by developers), enforcing PodSecurity restrictions and disabling shared process namespaces between sidecars and workers (side effect: may break existing observability sidecars that rely on /proc visibility), reducing scheduler task_queued_timeout to shrink the workload token validity window (side effect: more aggressive reaping of legitimately queued tasks under load), and rotating the JWT signing key after upgrade to invalidate any tokens that may have been harvested pre-patch.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33580